X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/03b5f3ea1de0f4490857a894b407bf4f314a5d2c..0264fea39c0c0c335821e5e9caf7ff2c4ee4a554:/cookbooks/mediawiki/templates/default/LocalSettings.php.erb diff --git a/cookbooks/mediawiki/templates/default/LocalSettings.php.erb b/cookbooks/mediawiki/templates/default/LocalSettings.php.erb index ee14cdcd3..99670dc0f 100644 --- a/cookbooks/mediawiki/templates/default/LocalSettings.php.erb +++ b/cookbooks/mediawiki/templates/default/LocalSettings.php.erb @@ -141,7 +141,7 @@ $wgLanguageCode = "en"; $wgPageLanguageUseDB = true; $wgGroupPermissions['user']['pagelang'] = true; -$wgSecretKey = '<%= @node[:mediawiki][:sites][@name][:wgSecretKey] %>'; +$wgSecretKey = '<%= @secret_key %>'; # Site upgrade key. Must be set to a string (default provided) to turn on the # web installer while LocalSettings.php is in place @@ -193,6 +193,22 @@ $wgGroupPermissions['bureaucrat']['deleterevision'] = true; $wgGroupPermissions['bureaucrat']['suppressrevision'] = true; $wgGroupPermissions['bureaucrat']['suppressionlog'] = true; +# Since 1.32 MW introduced interface-admin group to separate all UI-related rights. This makes sense for bigger sites, +# but for OSM it makes more sense to keep group structure simple. Give all interface-admin rights to sysops. +# Also remove the interface-admin group to avoid confusion. +$wgGroupPermissions['sysop'] = array_merge( $wgGroupPermissions['sysop'], $wgGroupPermissions['interface-admin'] ); +unset( $wgGroupPermissions['interface-admin'] ); +unset( $wgRevokePermissions['interface-admin'] ); +unset( $wgAddGroups['interface-admin'] ); +unset( $wgRemoveGroups['interface-admin'] ); +unset( $wgGroupsAddToSelf['interface-admin'] ); +unset( $wgGroupsRemoveFromSelf['interface-admin'] ); + +# The v1.32+ gadget system also requires two additional rights +# See https://www.mediawiki.org/wiki/Extension:Gadgets +$wgGroupPermissions['sysop']['gadgets-edit'] = true; +$wgGroupPermissions['sysop']['gadgets-definition-edit'] = true; + <% if @mediawiki[:private_accounts] -%> # Prevent new user registrations except by existing users $wgGroupPermissions['*']['createaccount'] = false; @@ -209,17 +225,6 @@ $wgWhitelistRead = array ("Special:Userlogin"); # Prevent new user registrations except by sysops $wgGroupPermissions['*']['createaccount'] = false; -# Since 1.32 MW introduced interface-admin group to separate all UI-related rights. This makes sense for bigger sites, -# but for OSM it makes more sense to keep group structure simple. Give all interface-admin rights to sysops. -# Also remove the interface-admin group to avoid confusion. -$wgGroupPermissions['sysop'] = array_merge( $wgGroupPermissions['sysop'], $wgGroupPermissions['interface-admin'] ); -unset( $wgGroupPermissions['interface-admin'] ); -unset( $wgRevokePermissions['interface-admin'] ); -unset( $wgAddGroups['interface-admin'] ); -unset( $wgRemoveGroups['interface-admin'] ); -unset( $wgGroupsAddToSelf['interface-admin'] ); -unset( $wgGroupsRemoveFromSelf['interface-admin'] ); - # Restrict access to the upload directory $wgUploadPath = "$wgScriptPath/img_auth.php"; <% end -%> @@ -229,7 +234,7 @@ $wgNamespacesWithSubpages[NS_MAIN] = true; # DNS Blacklists to use $wgEnableDnsBlacklist = true; -$wgDnsBlacklistUrls = array( 'proxies.dnsbl.sorbs.net.', 'opm.tornevall.org.', 'xbl.spamhaus.org.', 'dnsbl-3.uceprotect.net.' ); +$wgDnsBlacklistUrls = array( 'proxies.dnsbl.sorbs.net.', 'opm.tornevall.org.', 'xbl.spamhaus.org.', 'dnsbl-2.uceprotect.net.' ); # Require validated email to edit $wgEmailConfirmToEdit = true;